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IN THE CLAIMS 

1 . (Currently Amended) A method for validating a packet in a computer network, comprising 
the steps of: 

deriving a session key for said packet; 

selecting at least one of a plurality of security policies as a function of the session key A 
wherein a security policy comprises multiple rules : and 

using the selected at least one of the security policies in validating said packet. 

2. (Original) The method of claim 1 wherein the session key includes items derived from 
header information appended to data in said packet. 

3. (Original) The method of claim 1 wherein the session key includes at least one item from 
the set consisting of (i) a source address, (ii) a destination address, (iii) a next-level protocol, (iv) 
a source port associated with a protocol, and (v) a destination port associated with the protocol. 

4. (Original) The method of claim 1 wherein the session key includes at least one item from 
the set consisting of (i) an Internet protocol (IP) source address, (ii) an IP destination address, (iii) 
a next-level protocol, (iv) the source port associated with the protocol, and (v) the destination port 
associated with the protocol. 

5. (Original) The method of claim 3 wherein the next-level protocol is transmission control 
protocol (TCP) or universal datagram protocol (UDP). 

6. (Original) The method of claim 1 wherein the network includes a plurality of network 
interfaces, and wherein the selecting step comprises the step of determining the interface at which 
the request was received. 
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7. (Original) The method of claim 1 wherein the network includes a plurality of network 
interfaces, and wherein the selecting step comprises the step of determining the interface to which 
the request is to be sent. 

8. (Currently Amended) A method for validating a packet in a computer network, 

comprising the steps of: 

designating a plurality of independent security policies, with e ach of t h e s e curity 
polici e s including a se t of acc e ss rules , wherein a security policy comprises multiple rules ; 
determining which security policy is appropriate for the packet; and 
validating the packet using t h e se t of acc e ss rul e s at least a portion of the multiple 
rules of the determined security policy. 

9. (Original) The method of claim 8 wherein at least a subset of the security policies 
correspond to different groups associated with a single firewall. 

10. (Original) The method of claim 8 wherein at least a subset of the security policies 
correspond to different sub-groups within a given group. 

1 1 . (Original) The method of claim 8 wherein only an administrator for a given group has 
access to modify rules of a security policy for that group. 

12. (Currently Amended) An apparatus for use in validating a packet in a firewall of a 
computer network, the firewall designating a plurality of independent security policies , wi t h e ach 
of t he s e cu r i t y polici e s including a s et of access rul e s , the apparatus comprising: 

a processor associated with the firewall and operative (i) to process the packet to 
determine which of the security policies is appropriate for the packet, wherein a security policy 
comprises multiple rules, and (ii) to validate the packet using t h e set of access rul e s at least a portion 
of the multiple rules of the determined security policy. 
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13. (Original) The apparatus of claim 12 wherein at least a subset of the security policies 
correspond to different groups associated with a single firewall. 

14. (Original) The apparatus of claim 12 wherein at least a subset of the security policies 
correspond to different sub-groups within a given group. 

15. (Original) The apparatus of claim 12 wherein only an administrator for a given group 
has access to modify rules of a security policy for that group. 

16. (Currently Amended) A method of providing a firewall in a computer network, 
comprising the steps of: 

segmenting access rul e s a plurality of security policies into a plurality of domains^ 
wherein a domain comprises at least one security policy and a security policy comprises multiple 
rules, and further wherein a plurality of administrators are associated with the plurality of domains ; 
and 

administering the access multiple rules such that only an administrator for a given 
domain is permitted to modify rules of a security policy for that domain. 

17. (Currently Amended) A computer system for packet validation in a computer network, 
comprising: 

means for obtaining at least one data item from a request for a session; 
means for selecting at least one of a plurality of security policies as a function of the 
data item , wherein a security policy comprises multiple rules ; and 

means for using the selected at least one of the security policies in validating packets 

of the session. 

18. (Original) The computer system of claim 1 7 wherein the network includes a plurality of 
network interfaces, and wherein the means for selecting comprises means for determining the 
interface at which the request was received. 
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19. (Original) The computer system of claim 18 wherein the means for determining 
comprises means for referring to a source IP address contained in the request. 

20. (Original) The computer system of claim 1 7 wherein the network includes a plurality of 
network interfaces, and wherein the means for selecting comprises means for determining the 
interface to which the request is to be sent. 

21. (Original) The computer system of claim 20 wherein the means for determining 
comprises means for referring to a destination IP address contained in the request. 

22 . (Currently Amended) A method for packet validation in a computer network, comprising 
the steps of: 

obtaining at least one data item from a request for a session; 
selecting at least one of a plurality of security policies as a function of the data iten^ 
wherein a security policy comprises multiple rules ; and 

using the selected at least one of the security policies in validating packets of the 

session. 

23. (Original) The method of claim 22 wherein the network includes a plurality of network 
interfaces, and the selecting step includes determining the interface at which the request was 
received. 

24. (Original) The method of claim 23 wherein the determining step includes referring to 
a source IP address contained in the request. 

25. (Original) The method of claim 22 wherein the network includes a plurality of network 
interfaces, and the selecting step includes determining the interface to which the request is to be sent. 
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26. (Original) The method of claim 25 wherein the determining step includes referring to 
a destination IP address contained in the request. 



